AZ-500 · Question #391
AZ-500 Question #391: Real Exam Question with Answer & Explanation
The correct answer is D: Provide each app with a unique Base64-encoded AES-256 encryption key and configure the app. https://docs.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview Encryption scopes enable you to manage encryption with a key that is scoped to a container or an individual blob. You can use encryption scopes to create secure boundaries between data that resides in
Question
You have an Azure subscription that contains a storage account named storage1 and two web apps named app1 and app2. Both apps will write data to storage1. You need to ensure that each app can read only the data that it has written. What should you do?
Options
- AProvide each app with a system-assigned identity and configure storage1 to use Azure AD User
- BProvide each app with a separate Storage account key and configure the app to send the key
- CProvide each app with a user-managed identity and configure storage1 to use Azure AD User
- DProvide each app with a unique Base64-encoded AES-256 encryption key and configure the app
Explanation
https://docs.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview Encryption scopes enable you to manage encryption with a key that is scoped to a container or an individual blob. You can use encryption scopes to create secure boundaries between data that resides in the same storage account but belongs to different customers.
Community Discussion
No community discussion yet for this question.